Merge branch 'dev' into feat/cli

Author: Hintay

.air.toml

@@ -7,7 +7,7 @@ tmp_dir = "tmp"
 
 [build]
 # Just plain old shell command. You could use `make` as well.
-cmd = "CGO_ENABLED=1 go build -tags=jsoniter -ldflags=\"-X 'github.com/0xJacky/Nginx-UI/settings.buildTime=$(date +%s)'\" -v -o ./tmp/main ."
+cmd = "CGO_ENABLED=1 go build -tags=jsoniter,unembed -ldflags=\"-X 'github.com/0xJacky/Nginx-UI/settings.buildTime=$(date +%s)'\" -v -o ./tmp/main ."
 # Binary file yields from `cmd`.
 bin = "tmp/main"
 # Customize binary.

.devcontainer/Dockerfile

@@ -0,0 +1,49 @@
+FROM mcr.microsoft.com/devcontainers/base:jammy
+
+# Combine installation steps for Nginx and Go to avoid repetitive update/cleanup commands
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends curl gnupg2 ca-certificates lsb-release ubuntu-keyring jq && \
+    \
+    # Configure the Nginx repository
+    curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /usr/share/keyrings/nginx-archive-keyring.gpg && \
+    echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/mainline/ubuntu $(lsb_release -cs) nginx" \
+        > /etc/apt/sources.list.d/nginx.list && \
+    printf "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
+        > /etc/apt/preferences.d/99nginx && \
+    \
+    # Update package information and install Nginx
+    apt-get update && \
+    apt-get install -y --no-install-recommends nginx inotify-tools file && \
+    \
+    # Automatically retrieve the latest stable Go version and install it,
+    # download the appropriate binary based on system architecture (amd64 or arm64)
+    GO_VERSION=$(curl -sSL "https://golang.org/dl/?mode=json" | \
+        jq -r 'map(select(.stable)) | .[0].version' | sed 's/^go//') && \
+    ARCH=$(dpkg --print-architecture) && \
+    if [ "$ARCH" = "arm64" ]; then \
+      GO_ARCH=linux-arm64; \
+    else \
+      GO_ARCH=linux-amd64; \
+    fi && \
+    echo "Installing Go version: ${GO_VERSION} for architecture: ${GO_ARCH}" && \
+    curl -sSL "https://golang.org/dl/go${GO_VERSION}.${GO_ARCH}.tar.gz" -o go.tar.gz && \
+    rm -rf /usr/local/go && \
+    tar -C /usr/local -xzf go.tar.gz && \
+    rm go.tar.gz && \
+    \
+    # Remove jq and clean up to reduce image size
+    apt-get remove -y jq && \
+    apt-get autoremove -y && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN cp -rp /etc/nginx /etc/nginx.orig
+
+# Set PATH to include Go installation and default go install binary location
+ENV PATH="/usr/local/go/bin:/root/go/bin:${PATH}"
+
+# Install air with go install (requires Go 1.23 or higher)
+RUN go install github.com/air-verse/air@latest
+
+# set zsh as default shell
+RUN chsh -s $(which zsh)

.devcontainer/devcontainer.json

@@ -0,0 +1,44 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/ubuntu
+{
+  "name": "Ubuntu",
+  "dockerComposeFile": "docker-compose.yml",
+  "service": "nginx-ui",
+  "workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
+  "shutdownAction": "stopCompose",
+  // Features to add to the dev container. More info: https://containers.dev/features.
+  "features": {
+    "ghcr.io/devcontainers/features/common-utils:2": {
+      "installOhMyZsh": true
+    },
+    "ghcr.io/devcontainers/features/node:1.6.1": {}
+  },
+
+  // Use 'forwardPorts' to make a list of ports inside the container available locally.
+  // "forwardPorts": [],
+
+  // Use 'postCreateCommand' to run commands after the container is created.
+  // "postCreateCommand": "",
+
+  // Configure tool-specific properties.
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "antfu.iconify",
+        "antfu.unocss",
+        "github.copilot",
+        "golang.go",
+        "vue.volar",
+        "ms-azuretools.vscode-docker"
+      ]
+    }
+  },
+
+  // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
+  "remoteUser": "root",
+  "overrideCommand": false,
+  "postStartCommand": "./.devcontainer/start.sh",
+  "mounts": [
+    "source=${localEnv:HOME}/.ssh,target=/root/.ssh,type=bind,consistency=cached"
+  ]
+}

.devcontainer/docker-compose.yml

@@ -0,0 +1,57 @@
+services:
+  nginx-ui:
+    build: .
+    image: nginx-ui-dev
+    container_name: nginx-ui
+    volumes:
+      - ../..:/workspaces:cached
+      - ./go-path:/root/go
+      - ./data/nginx:/etc/nginx
+    command: sleep infinity
+    environment:
+      - NGINX_UI_CERT_CA_DIR=https://pebble:14000/dir
+    networks:
+      nginxui:
+  nginx-ui-2:
+    image: nginx-ui-dev
+    container_name: nginx-ui-2
+    volumes:
+      - ../..:/workspaces:cached
+      - ./data/nginx-ui-2/nginx:/etc/nginx
+      - ./data/nginx-ui-2/nginx-ui:/etc/nginx-ui
+    working_dir: /workspaces/nginx-ui
+    command: ./.devcontainer/node-supervisor.sh
+    depends_on:
+      - nginx-ui
+    networks:
+      nginxui:
+
+  pebble:
+    image: ghcr.io/letsencrypt/pebble:latest
+    volumes:
+      - ./pebble-test:/test
+    command: -config /test/config/pebble-config.json -strict -dnsserver challtestsrv:8053
+    ports:
+        - 14000:14000 # HTTPS ACME API
+        - 15000:15000 # HTTPS Management API
+    environment:
+      - PEBBLE_VA_NOSLEEP=1
+      - PEBBLE_VA_ALWAYS_VALID=1
+    networks:
+      nginxui:
+  challtestsrv:
+    image: ghcr.io/letsencrypt/pebble-challtestsrv:latest
+    command: -defaultIPv6 "" -defaultIPv4 challtestsrv
+    ports:
+      - 8055:8055 # HTTP Management API
+    networks:
+      nginxui:
+  casdoor:
+    image: casbin/casdoor-all-in-one
+    ports:
+      - 8001:8000
+    networks:
+      - nginxui
+
+networks:
+  nginxui:

.devcontainer/init-nginx.sh

@@ -0,0 +1,6 @@
+# init nginx config dir
+if [ "$(ls -A /etc/nginx)" = "" ]; then
+    echo "Initialing Nginx config dir"
+    cp -rp /etc/nginx.orig/* /etc/nginx/
+    echo "Initialed Nginx config dir"
+fi

.devcontainer/node-supervisor.sh

@@ -0,0 +1,87 @@
+#!/bin/bash
+
+# Configurable variables
+SOURCE_FILE=/workspaces/nginx-ui/tmp/main
+TARGET_PATH=/usr/local/bin/nginx-ui
+CONFIG_FILE=/etc/nginx-ui/app.ini
+
+# init nginx
+./.devcontainer/init-nginx.sh
+
+LOG_PREFIX="[Supervisor]"
+
+# Debug initial state
+echo "$LOG_PREFIX Starting supervisor with:"
+echo "$LOG_PREFIX SOURCE_FILE: $SOURCE_FILE"
+echo "$LOG_PREFIX TARGET_PATH: $TARGET_PATH"
+echo "$LOG_PREFIX CONFIG_FILE: $CONFIG_FILE"
+
+# Wait for initial file creation
+while [[ ! -f "$SOURCE_FILE" ]]; do
+    echo "$LOG_PREFIX Waiting for $SOURCE_FILE to be created..."
+    sleep 1
+done
+
+# Initial copy and start
+echo "$LOG_PREFIX Initial file detected, starting service..."
+cp -fv "$SOURCE_FILE" "$TARGET_PATH"
+chmod +x "$TARGET_PATH"
+pkill -x nginx-ui || echo "$LOG_PREFIX No existing process to kill"
+nohup "$TARGET_PATH" -config "$CONFIG_FILE" > /proc/1/fd/1 2>&1 &
+
+# Use proper field separation for inotify output
+inotifywait -m -e close_write,moved_to,create,delete \
+    --format "%T|%w%f|%e" \
+    --timefmt "%F-%H:%M:%S" \
+    "$(dirname "$SOURCE_FILE")" |
+while IFS='|' read -r TIME FILE EVENT; do
+    echo "$LOG_PREFIX [${TIME}] Event: ${EVENT} - ${FILE}"
+    
+    # Handle atomic save operations
+    if [[ "$FILE" =~ .*-tmp-umask$ ]] || [[ "$EVENT" == "DELETE" ]]; then
+        echo "$LOG_PREFIX Detected build intermediate file, checking main..."
+        sleep 0.3  # Allow atomic replace completion
+        
+        if [[ -f "$SOURCE_FILE" ]]; then
+            echo "$LOG_PREFIX Valid main file detected after build"
+            FILE="$SOURCE_FILE"
+        else
+            echo "$LOG_PREFIX Main file missing after build operation"
+            continue
+        fi
+    fi
+
+    if [[ "$FILE" == "$SOURCE_FILE" ]]; then
+        # Stability checks
+        echo "$LOG_PREFIX File metadata:"
+        ls -l "$FILE"
+        file "$FILE"
+        
+        # Wait for file stability with retries
+        retries=5
+        while ((retries-- > 0)); do
+            if file "$FILE" | grep -q "executable"; then
+                break
+            fi
+            echo "$LOG_PREFIX Waiting for valid executable (${retries} retries left)..."
+            sleep 1
+        done
+
+        if ((retries <= 0)); then
+            echo "$LOG_PREFIX ERROR: File validation failed after 5 retries"
+            continue
+        fi
+
+        # Copy and restart service
+        echo "$LOG_PREFIX Updating service..."
+        cp -fv "$FILE" "$TARGET_PATH"
+        chmod +x "$TARGET_PATH"
+        
+        echo "$LOG_PREFIX Killing existing process..."
+        pkill -x nginx-ui || echo "$LOG_PREFIX No process to kill"
+        
+        echo "$LOG_PREFIX Starting new process..."
+        nohup "$TARGET_PATH" -config "$CONFIG_FILE" > /proc/1/fd/1 2>&1 &
+        echo "$LOG_PREFIX Restart complete. New PID: $(pgrep nginx-ui)"
+    fi
+done

.devcontainer/pebble-test/certs/README.md

@@ -0,0 +1,25 @@
+# certs/
+
+This directory contains a CA certificate (`pebble.minica.pem`) and a private key
+(`pebble.minica.key.pem`) that are used to issue a end-entity certificate (See
+`certs/localhost`)  for the Pebble HTTPS server.
+
+To get your **testing code** to use Pebble without HTTPS errors you should
+configure your ACME client to trust the `pebble.minica.pem` CA certificate. Your
+ACME client should offer a runtime option to specify a list of root CAs that you
+can configure to include the `pebble.minica.pem` file.
+
+**Do not** add this CA certificate to the system trust store or in production
+code!!! The CA's private key is **public** and anyone can use it to issue
+certificates that will be trusted by a system with the Pebble CA in the trust
+store.
+
+To re-create all of the Pebble certificates run:
+
+    minica -ca-cert pebble.minica.pem \
+           -ca-key pebble.minica.key.pem \
+           -domains localhost,pebble \
+           -ip-addresses 127.0.0.1
+
+From the `test/certs/` directory after [installing
+MiniCA](https://github.com/jsha/minica#installation)

.devcontainer/pebble-test/certs/localhost/README.md

@@ -0,0 +1,5 @@
+# certs/localhost
+
+This directory contains an end-entity (leaf) certificate (`cert.pem`) and
+a private key (`key.pem`) for the Pebble HTTPS server. It includes `127.0.0.1`
+as an IP address SAN, and `[localhost, pebble]` as DNS SANs.

.devcontainer/pebble-test/certs/localhost/cert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDGzCCAgOgAwIBAgIIbEfayDFsBtwwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
+AxMVbWluaWNhIHJvb3QgY2EgMjRlMmRiMCAXDTE3MTIwNjE5NDIxMFoYDzIxMDcx
+MjA2MTk0MjEwWjAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCbFMW3DXXdErvQf2lCZ0qz0DGEWadDoF0O2neM5mVa
+VQ7QGW0xc5Qwvn3Tl62C0JtwLpF0pG2BICIN+DHdVaIUwkf77iBS2doH1I3waE1I
+8GkV9JrYmFY+j0dA1SwBmqUZNXhLNwZGq1a91nFSI59DZNy/JciqxoPX2K++ojU2
+FPpuXe2t51NmXMsszpa+TDqF/IeskA9A/ws6UIh4Mzhghx7oay2/qqj2IIPjAmJj
+i73kdUvtEry3wmlkBvtVH50+FscS9WmPC5h3lDTk5nbzSAXKuFusotuqy3XTgY5B
+PiRAwkZbEY43JNfqenQPHo7mNTt29i+NVVrBsnAa5ovrAgMBAAGjYzBhMA4GA1Ud
+DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T
+AQH/BAIwADAiBgNVHREEGzAZgglsb2NhbGhvc3SCBnBlYmJsZYcEfwAAATANBgkq
+hkiG9w0BAQsFAAOCAQEAYIkXff8H28KS0KyLHtbbSOGU4sujHHVwiVXSATACsNAE
+D0Qa8hdtTQ6AUqA6/n8/u1tk0O4rPE/cTpsM3IJFX9S3rZMRsguBP7BSr1Lq/XAB
+7JP/CNHt+Z9aKCKcg11wIX9/B9F7pyKM3TdKgOpqXGV6TMuLjg5PlYWI/07lVGFW
+/mSJDRs8bSCFmbRtEqc4lpwlrpz+kTTnX6G7JDLfLWYw/xXVqwFfdengcDTHCc8K
+wtgGq/Gu6vcoBxIO3jaca+OIkMfxxXmGrcNdseuUCa3RMZ8Qy03DqGu6Y6XQyK4B
+W8zIG6H9SVKkAznM2yfYhW8v2ktcaZ95/OBHY97ZIw==
+-----END CERTIFICATE-----

.devcontainer/pebble-test/certs/localhost/key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAmxTFtw113RK70H9pQmdKs9AxhFmnQ6BdDtp3jOZlWlUO0Blt
+MXOUML5905etgtCbcC6RdKRtgSAiDfgx3VWiFMJH++4gUtnaB9SN8GhNSPBpFfSa
+2JhWPo9HQNUsAZqlGTV4SzcGRqtWvdZxUiOfQ2TcvyXIqsaD19ivvqI1NhT6bl3t
+redTZlzLLM6Wvkw6hfyHrJAPQP8LOlCIeDM4YIce6Gstv6qo9iCD4wJiY4u95HVL
+7RK8t8JpZAb7VR+dPhbHEvVpjwuYd5Q05OZ280gFyrhbrKLbqst104GOQT4kQMJG
+WxGONyTX6np0Dx6O5jU7dvYvjVVawbJwGuaL6wIDAQABAoIBAGW9W/S6lO+DIcoo
+PHL+9sg+tq2gb5ZzN3nOI45BfI6lrMEjXTqLG9ZasovFP2TJ3J/dPTnrwZdr8Et/
+357YViwORVFnKLeSCnMGpFPq6YEHj7mCrq+YSURjlRhYgbVPsi52oMOfhrOIJrEG
+ZXPAwPRi0Ftqu1omQEqz8qA7JHOkjB2p0i2Xc/uOSJccCmUDMlksRYz8zFe8wHuD
+XvUL2k23n2pBZ6wiez6Xjr0wUQ4ESI02x7PmYgA3aqF2Q6ECDwHhjVeQmAuypMF6
+IaTjIJkWdZCW96pPaK1t+5nTNZ+Mg7tpJ/PRE4BkJvqcfHEOOl6wAE8gSk5uVApY
+ZRKGmGkCgYEAzF9iRXYo7A/UphL11bR0gqxB6qnQl54iLhqS/E6CVNcmwJ2d9pF8
+5HTfSo1/lOXT3hGV8gizN2S5RmWBrc9HBZ+dNrVo7FYeeBiHu+opbX1X/C1HC0m1
+wJNsyoXeqD1OFc1WbDpHz5iv4IOXzYdOdKiYEcTv5JkqE7jomqBLQk8CgYEAwkG/
+rnwr4ThUo/DG5oH+l0LVnHkrJY+BUSI33g3eQ3eM0MSbfJXGT7snh5puJW0oXP7Z
+Gw88nK3Vnz2nTPesiwtO2OkUVgrIgWryIvKHaqrYnapZHuM+io30jbZOVaVTMR9c
+X/7/d5/evwXuP7p2DIdZKQKKFgROm1XnhNqVgaUCgYBD/ogHbCR5RVsOVciMbRlG
+UGEt3YmUp/vfMuAsKUKbT2mJM+dWHVlb+LZBa4pC06QFgfxNJi/aAhzSGvtmBEww
+xsXbaceauZwxgJfIIUPfNZCMSdQVIVTi2Smcx6UofBz6i/Jw14MEwlvhamaa7qVf
+kqflYYwelga1wRNCPopLaQKBgQCWsZqZKQqBNMm0Q9yIhN+TR+2d7QFjqeePoRPl
+1qxNejhq25ojE607vNv1ff9kWUGuoqSZMUC76r6FQba/JoNbefI4otd7x/GzM9uS
+8MHMJazU4okwROkHYwgLxxkNp6rZuJJYheB4VDTfyyH/ng5lubmY7rdgTQcNyZ5I
+majRYQKBgAMKJ3RlII0qvAfNFZr4Y2bNIq+60Z+Qu2W5xokIHCFNly3W1XDDKGFe
+CCPHSvQljinke3P9gPt2HVdXxcnku9VkTti+JygxuLkVg7E0/SWwrWfGsaMJs+84
+fK+mTZay2d3v24r9WKEKwLykngYPyZw5+BdWU0E+xx5lGUd3U4gG
+-----END RSA PRIVATE KEY-----